Home > mailing lists

Re: Best practice to create a read-only user? - Mailing list pgsql-admin

From	Sergey Konoplev
Subject	Re: Best practice to create a read-only user?
Date	May 8, 2013 06:29:10
Msg-id	CAL_0b1s6uRoUURi+3t-Xi+K+NDcaB_shiD9+s=H8XVsQZcF+cQ@mail.gmail.com Whole thread Raw
In response to	Best practice to create a read-only user? (matthias ritzkowski <matthias@marlinmobile.com>)
List	pgsql-admin

Tree view

On Fri, May 3, 2013 at 7:03 AM, matthias ritzkowski
<matthias@marlinmobile.com> wrote:
> What do people use day to day?

I usually set default privileges for user postgres like below and
create end users in particular roles, either role_ro for read only or
role_rw for read-write access. All the database objects one need the
default privileges to be applied to must be created with user
postgres.

ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT ON SEQUENCES  TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT ON TABLES  TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT EXECUTE ON FUNCTIONS TO role_ro;

ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT,USAGE ON SEQUENCES  TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT,INSERT,DELETE,UPDATE ON TABLES  TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT EXECUTE ON FUNCTIONS TO role_rw;

--
Kind regards,
Sergey Konoplev
PostgreSQL Consultant and DBA

Profile: http://www.linkedin.com/in/grayhemp
Phone: USA +1 (415) 867-9984, Russia +7 (901) 903-0499, +7 (988) 888-1979
Skype: gray-hemp
Jabber: gray.ru@gmail.com

pgsql-admin by date:

From: Bhanu Murthy
Date: 07 May 2013, 20:35:52
Subject: Re: [SQL] Encrypting PGBouncer to Postgres DB connections

From: Haifeng Liu
Date: 08 May 2013, 07:41:41
Subject: How to prevent vacuum again and again on the unchanged tables?

Re: Best practice to create a read-only user? - Mailing list pgsql-admin

Previous

Next